aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@citi.umich.edu>2010-06-01 11:21:40 -0400
committerJ. Bruce Fields <bfields@citi.umich.edu>2010-06-24 12:24:55 -0400
commitcba9ba4b902270c22f8b9c5149a284216b633fc1 (patch)
tree8d51f4f169e25113a319e794afe130de53db4ca2
parentac94bf582529343bb7f354d0eef6dc4e566bbbd5 (diff)
nfsd4: fix delegation recall race use-after-free
When the rarely-used callback-connection-changing setclientid occurs simultaneously with a delegation recall, we rerun the recall by requeueing it on a workqueue. But we also need to take a reference on the delegation in that case, since the delegation held by the rpc itself will be released by the rpc_release callback. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
-rw-r--r--fs/nfsd/nfs4callback.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index a4686326b5ae..1e6497ed3e12 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -689,6 +689,7 @@ static void nfsd4_cb_recall_done(struct rpc_task *task, void *calldata)
689 warn_no_callback_path(clp, task->tk_status); 689 warn_no_callback_path(clp, task->tk_status);
690 if (current_rpc_client != task->tk_client) { 690 if (current_rpc_client != task->tk_client) {
691 /* queue a callback on the new connection: */ 691 /* queue a callback on the new connection: */
692 atomic_inc(&dp->dl_count);
692 nfsd4_cb_recall(dp); 693 nfsd4_cb_recall(dp);
693 return; 694 return;
694 } 695 }